CVE-2024-4638 – OnCell G3470A-LTE Series: Authenticated Command Injection via webUploadKey
https://notcve.org/view.php?id=CVE-2024-4638
OnCell G3470A-LTE Series firmware versions v1.7.7 and prior have been identified as vulnerable because the web key upload function does not neutralize its inputs. An attacker could modify the intended commands sent to target functions, which could allow malicious users to execute unauthorized commands.
• https://www.moxa.com/en/support/product-support/security-advisory/mpsa-242550-oncell-g3470a-lte-series-multiple-web-application-vulnerabilities
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-3576 – NPort 5100A Series Store XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-3576
The NPort 5100A Series firmware version v1.6 and prior versions are affected by a web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges.
• https://www.moxa.com/en/support/product-support/security-advisory/mpsa-246328-nport-5100a-series-store-xss-vulnerability
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1220 – NPort W2150A/W2250A Series Web Server Stack-based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2024-1220
A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending a crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of service.
• https://www.moxa.com/en/support/product-support/security-advisory/mpsa-238975-nport-w2150a-w2250a-series-web-server-stack-based-buffer-overflow-vulnerability
• CWE-121: Stack-based Buffer Overflow
CVE-2024-0387 – EDS-4000/G4000 Series IP Forwarding Vulnerability
https://notcve.org/view.php?id=CVE-2024-0387
The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have them forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests.
• https://www.moxa.com/en/support/product-support/security-advisory/mpsa-237129-eds-4000-g4000-series-ip-forwarding-vulnerability?viewmode=0
• CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')
• CWE-1188: Initialization of a Resource with an Insecure Default
CVE-2023-6094 – OnCell G3150A-LTE Series: Web Server Transmits Cleartext Credentials
https://notcve.org/view.php?id=CVE-2023-6094
A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from a lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target.
• https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3150a-lte-series-multiple-web-application-vulnerabilities-and-security-enhancement
• CWE-319: Cleartext Transmission of Sensitive Information